In the cybersecurity space, there are many things we do not all agree on, but one thing I have noticed in the past year is that we all agree that the U.S. can expect to see more ransomware attacks as the nation recover from recent attacks which included the District of Columbia Police Department, The Colonial Pipeline and now the JBS meat plant. These will continue to increase, especially in the state, local environment, as well as in the critical infrastructure and manufacturing space.
There are two main reasons for this trend:
- Organizations are not implementing the basic security controls thus allowing attackers to take advantage of easy attack vectors. A major of the critical infrastructure in the U.S. are operated by private organizations with very little IT and security regulations.
- Many organizations are frequently deciding to pay the ransom after they have been attacked. Security researchers and law enforcement often recommend organizations not to pay the ransoms, but when stakeholders and the media are applying pressure, organizational leader must do what is best for the organization. This validates the ransomware industry and their frequency and tactics become more sophisticated.
This recent attack seems to have a Russian’s group fingerprint associated to it just like the pipeline event. Many security researchers, law enforcement officials and politicians are recommending in conjunction to increasing regulations on U.S. based organizations, the U.S. must also impose sanctions against countries that allow these types of activities to occur inside their borders.
A group of ransomware hackers known as “Babuk” leaked internal police files from the Washington, D.C. Metropolitan Police Department (MPD). The information was stolen in late April. The type of information that was released included officers’ personal information including psychological evaluations, credit history and Social Security numbers. In addition, the leaked information included polygraph tests, social media posts, employment history, financial liabilities and scanned copies of officers’ driver’s licenses. The leak occurred due to a break down in negotiations between MPD and Babuk who claimed the monetary offer the department made to prevent the leak was not enough. Babuk claimed to have stolen approximately 250 GB of information from the department which can equate to 127,000 songs or 37, 600 photos on your computer.
Security experts often recommend not paying the ransom after such an attack as it would only continue to fuel the ransomware tactics. Even the FBI has issued a statement regarding this type of cyber-attack stating:
“The FBI does not support paying a ransom in response to a ransomware attack,” the agency advises. “Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”
Babuk’s tactics differ to the tactics of DarkSide in Babuk stole the data and threatened to release it unless a ransom demand was met while DarkSide encrypted files and demanded a ransom in exchange for unlocking them.
One of the nation’s largest fuel pipelines has been forced to shut down after being affected by a ransomware cyberattack. Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment.
Colonial Pipeline was forced to shut down its entire network as well as proactively take various systems offline to contain the threat, halting all pipeline operations. The massive US pipeline runs 5500 miles from Houston to New Jersey and transport 45% of all fuel to the East Coast.
The President has been briefed and the White House stated it is working with the organization to avoid disruption to supply and restore pipeline operations as quickly as possible, but it is still unclear to how long the pipelines will be off the grid.
Experts warn a prolonged delay could eventually impact consumers.
This latest attack comes amid growing concerns about the nation’s cybersecurity posture. Last December a massive software breach at Texas based SolarWinds was identified, where hackers reportedly gained access to the emails at U.S. government agencies. Also, in Florida, investigators stated hackers took control of the computer systems of a water treatment facility in an attempt to tamper with the water supply.
It’s important that organization take these attacks seriously since these attacks will continue and are not going away. So, it’s imperative that if you’re an owner operator of critical infrastructure that you invest in the cybersecurity controls.
Update: 5/10/21 at 7:40 am EST
A Russian criminal group may be responsible for a ransomware attack that shut down a major U.S. fuel pipeline, two sources familiar with the matter said Sunday.
The group, known as DarkSide, is relatively new, but it has a sophisticated approach to the business of extortion, the sources said.
By: David E. Sanger
A cyberattack forced the shutdown of one of the largest pipelines in the United States, in what appeared to be a significant attempt to disrupt vulnerable energy infrastructure. The pipeline carries refined gasoline and jet fuel up the East Coast from Texas to New York.
The operator of the system, Colonial Pipeline, said in a statement late Friday that it had shut down its 5,500 miles of pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach on its computer networks. Earlier Friday, there were disruptions along the pipeline, but it was unclear whether that was a direct result of the attack.
Read more here.
As the number of cyber-attacks continues to grow each year, the importance of cybersecurity and the need for cybersecurity practitioners will also continue to increase.
As previously stated, Researchers at Cybersecurity Ventures detailed in a 2019 post there would be 3.5 million unfilled cybersecurity positions globally in 2021, but with the addition of 700,000 additional skilled practitioners according to a Cybersecurity Workforce Study that entered the field this year, the projected number has dropped to approximately 3,21 million.
This is encouraging data and it seems we are moving in a position direction as the numbers have actually fallen for the first time since data on this matter has been collected.
To continue to effectively reduce the cybersecurity job gap, we should look towards STEM and the underrepresented group of young women and girls.
Women make up only 28% of the workforce in science, technology, engineering and math (STEM), and men vastly outnumber women majoring in most STEM fields in college.
Key factors perpetuating the women STEM gap:
- Gender Stereotypes: STEM fields are often viewed as masculine.
- Male-Dominated Cultures: Because fewer women study and work in STEM, these fields tend to perpetuate inflexible, exclusionary, male-dominated cultures that are not supportive of or attractive to women and minorities.
- Fewer Role Models: girls have fewer role models to inspire their interest in these fields, seeing limited examples of female scientists and engineers in books, media and popular culture. There are even fewer role models of Black women in math and science.
Some ways of closing the STEM Gap for women are:
- Raise awareness that girls and women are as capable as boys — when given encouragement and educational opportunities.
- Promote public awareness to parents about how they can encourage daughters as much as sons in math and science
- Supporting learning opportunities and positive messages about their abilities.
- Provide professional education to teachers — addressing implicit and systemic biases.
- Encourage girls and women to take math and science classes — including advanced classes.
- Design courses and change environments and practices in STEM studies to be more welcoming for women.
- Prioritize diverse, inclusive and respectful environments, and strong, diverse leadership.
- Recruit female employees and work to retain and promote women throughout their careers with strong advancement pipelines and continued professional development and leadership training.
Social media provides a way to stay connected and share with others, but did you know that the cyber criminals will also use social media as another technique to conduct their attacks. It is important to protect yourself as well as know the common signs of someone trying to trick or scam you.
Over social media one common method is that cyber criminals will take over someone’s social media account. Once they control the account a criminal will pretend to be the accounts owner and post an urgent message to everyone connected to that account. This message will say they are traveling internationally, and that they were just mugged and desperately need you to send them money.
If you send money, you are not helping your friend you are actually sending money to the criminal. Another common method is similar to phishing email attacks. Cyber criminals post messages attempting to trick you into clicking on a link that takes you to a malicious website.
Watch out for messages that seem urgent suspicious or try to make you feel rushed or afraid. If you receive an odd message from a friend and are not sure if it was really then that sent it call them on the phone to confirm.
Finally, attackers may use software to try and guess your password, if they gain access, they can then use your account to launch attacks on your contacts and friends. Always try protecting each of your social media accounts with a unique strong password and enable two factor authentication whenever possible.